creating 2 user ID's

I am not sure if this is a worthwhile idea but at the moment when a user is stored in the database they get ID's starting from 1. In a url string that would should something like page.php?userID=1

That seems to easy to manipulate. So, I created another column in the database for another unique ID that I would use in the URL instead. I just wanted to know if a) this is worth doing or if it's pointless and b) Is this good enough to use? The below code was actually an example for something else but it seemed like a good choice (I think).

I was also concerned that there is a chance that there could be a duplicate entry so perhaps before the user is able to register, I have some code to check that it doesn't exist before continuing. Not sure what I would do if it did exist though because the user isn't in control of what is generated.

If you're storing this in a database, you can use UNIQUE constraints and any attempt to insert a duplicate value in a UNIQUE column will cause MySQL to throw errno==1062. You can trap this and retry the value generation process.

The main advantage of having non-sequential numbers for database keys appears when you're using a security-by-obscurity approach to URL parameters. If your clients are numbered sequentially from 1, 2, 3, ... it's going to be pretty easy to guess the next sequence. Random keys reduce the risk of a hacker guessing your client identifiers and stealing your database.

I think the strtr() code is unnecessary. Base64_encode() will give you URL-safe values for the random string.

Featured Post

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Consider the following scenario: You are working on a website and make something great - something that lets the server work with information submitted by your users.
This could be anything, from a simple guestbook to a e-Money solution. But what…